[Pkg-haproxy-maintainers] Bug#790871: Bug#790871: haproxy install should restart rsyslog

Fri Jul 3 13:22:45 UTC 2015

[I'm resending this message to the bug tracker because I accidentally forgot 
to include it in the recipient list.]

On 2015-07-02 19:13, Vincent Bernat wrote:
>   ❦  2 juillet 2015 16:49 +0200, Vincent Bernat <bernat at debian.org> :
>
>>> When haproxy is installed, it adds a file:
>>>
>>>    /etc/rsyslog.d/49-haproxy.conf
>>>
>>> This file configures:
>>> * A log socket in the HAProxy chroot
>>> * A separate log file for HAProxy log messages.
>>>
>>> However, after this file is installed, rsyslog is not restarted. The
>>> result is that the log configuration doesn't work until the user
>>> discovers this and manually restarts rsyslog.
>>>
>>> It would be nice if this could be done during package
>>> installation. Maybe something like this in `haproxy.postinst` would
>>> work?
>>>
>>>      if [ -x '/etc/init.d/rsyslog' ]; then
>>>              invoke-rc.d rsyslog restart
>>>      fi
>>
>> I agree that we should signal to rsyslog that there is a new
>> file. However, are we allowed to restart an "unrelated" service?
>
> I have pointed to the fact that rsyslog may also have an upgrade running
> and therefore stopped and restart would start it again and the start
> operation would fail.
>
> I am afraid that triggering a restart from another postinst script will
> just pile up additional bugs.

That's unfortunate, but understandable.

I still think something should be done, but I don't have any good 
suggestions. Mentioning it in documentation could work, but I wouldn't 
expect people to read that when installing the package. Maybe at least 
mention it in the relevant location in haproxy.cfg?

An extreme solution would be to disable chroot by default, not 
installing any files for rsyslog and logrotate, but leave a comment in 
haproxy.cfg:

     global
         log /dev/log    local0
         log /dev/log    local1 notice
         # If you enable chroot, you will have to provide a log
         # socket inside the chroot. See
         # /usr/share/doc/haproxy/haproxy-rsyslog.conf for an
         # example of how rsyslog can be configured to provide such a
         # socket.
         # chroot /var/lib/haproxy
         [...]

That way at least the administrator wouldn't be suprised by the lack of 
log messages.

Btw.: I had a look at what the rsyslog package does, since that package 
also drops a file in rsyslog.d that adds an additional log socket, but 
that package does not suffer from the same problem as haproxy. It opens 
the log socket before chrooting, so it can continue to send log messages 
to it from inside the chroot jail. See:

http://anonscm.debian.org/cgit/users/lamont/postfix.git/tree/debian/README.Debian#n24

--
Olav Morken
UNINETT